<?php
/**
 * Magento Enterprise Edition
 *
 * NOTICE OF LICENSE
 *
 * This source file is subject to the Magento Enterprise Edition License
 * that is bundled with this package in the file LICENSE_EE.txt.
 * It is also available through the world-wide-web at this URL:
 * http://www.magentocommerce.com/license/enterprise-edition
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to license@magentocommerce.com so we can send you a copy immediately.
 *
 * DISCLAIMER
 *
 * Do not edit or add to this file if you wish to upgrade Magento to newer
 * versions in the future. If you wish to customize Magento for your
 * needs please refer to http://www.magentocommerce.com for more information.
 *
 * @category    Mage
 * @package     Mage_Api2
 * @copyright   Copyright (c) 2012 Magento Inc. (http://www.magentocommerce.com)
 * @license     http://www.magentocommerce.com/license/enterprise-edition
 */

/**
 * API User authentication model
 *
 * @category   Mage
 * @package    Mage_Api2
 * @author     Magento Core Team <core@magentocommerce.com>
 */
class Mage_Api2_Model_Auth
{
    /**
     * Use this type if no authentication adapter is applied
     */
    const DEFAULT_USER_TYPE = 'guest';
    const DELIVER_USER_ROLE_NAME = '配送员';

    /**
     * Figure out API user type and create user model instance
     *
     * @param Mage_Api2_Model_Request $request
     * @throws Exception
     * @return Mage_Api2_Model_Auth_User_Abstract
     */
    public function authenticate(Mage_Api2_Model_Request $request)
    {
        /** @var $helper Mage_Api2_Helper_Data */
        $helper = Mage::helper('api2/data');
        $userTypes = $helper->getUserTypes();

        if (!$userTypes) {
            throw new Exception('No allowed user types found');
        }
        /** @var $authAdapter Mage_Api2_Model_Auth_Adapter */
        $authAdapter = Mage::getModel('api2/auth_adapter');
        $userParamsObj = $authAdapter->getUserParams($request);


        if (Mage::app()->getRequest()->getHeader('App-Id') == 100) {
            /** @var Mage_Customer_Model_Session $session */
            /*$session = Mage::getSingleton('customer/session');
            $uid = $session->getCustomerId();
            if (!$uid) {
                throw new Exception("Cant't find customer in session");
            }*/
            $uid = $this->_getUserIdBySessionId();
            if (!$uid) {
                throw new Exception("Cant't find customer in session");
            }
        } else {
            $uid = $this->_getUserIdByToken();
        }

        if ($uid) {
            if (Mage::app()->getRequest()->getHeader('App-Id') == 201) {
                $this->_validateAdminUser($uid);
                $userParamsObj->type = 'admin';
            } else {
                $userParamsObj->type = 'customer';
            }
        } else {
            $userParamsObj->type = 'guest';
        }
        

        if (!isset($userTypes[$userParamsObj->type])) {
            throw new Mage_Api2_Exception(
                'Invalid user type or type is not allowed', Mage_Api2_Model_Server::HTTP_UNAUTHORIZED
            );
        }
        /** @var $userModel Mage_Api2_Model_Auth_User_Abstract */
        $userModel = Mage::getModel($userTypes[$userParamsObj->type]);

        if (!$userModel instanceof Mage_Api2_Model_Auth_User_Abstract) {
            throw new Exception('User model must to extend Mage_Api2_Model_Auth_User_Abstract');
        }
        // check user type consistency
        if ($userModel->getType() != $userParamsObj->type) {
            throw new Exception('User model type does not match appropriate type in config');
        }

        if ($uid) {
            $userModel->setUserId($uid);
        } else {
            $userModel->setUserId($userParamsObj->id);
        }
        return $userModel;
    }

    private function _getUserIdByToken()
    {
        $token = Mage::app()->getRequest()->getHeader('Access-Token');
        if ($token) {
            $tokenModel = Mage::getModel('mapi/token')->loadByToken($token);
            if ($tokenModel && $tokenModel->getId()) {
                return $tokenModel->getCustomerId();
            }
            return 0;
        } else {
            return 0;
        }
    }

    private function _validateAdminUser($uid)
    {
        $warehouseUser = Mage::getModel("zgb/warehouse")->load($uid, 'admin_id');
        if (!$warehouseUser || $warehouseUser->getStatus() != '1') {
            throw new Mage_Api2_Exception("你的帐号已被禁用！", 403);
        }
    }

    private function _getUserIdBySessionId()
    {
        $uid = 0;
        $sessionid = Mage::app()->getRequest()->getHeader('sessionid');
        $sessionid = $_COOKIE['frontend'];
        //var_dump($sessionid);
        if ($sessionid) {
            $uid = Mage::getModel('customer/session')->getId();
            $filePath = session_save_path()."/sess_{$sessionid}";
            $data = file_get_contents($filePath);
            session_decode($data);
            //var_dump($_SESSION);

            // 需要设置customer/account_share/scope为global
            //$uid = Mage::getModel('customer/session')->getId();
            //session_id($sessionid);
            //$uid = Mage::getModel('customer/session')->getId();
            $runCode = $_COOKIE['run_code'];
            $key = "customer_".$runCode;

            if(isset($_SESSION[$key]) && $_SESSION[$key])
            {
                $customer = $_SESSION[$key];

                if(isset($customer['customer_id']) && $customer['customer_id'])
                {
                    return $customer['customer_id'];
                }
                return $uid;
            }
        }
        return $uid;
    }

}
